I'm a technologist, and my interests lie at the point of fusion between technology, finance and innovation. I'm Deputy Director for the "Financial Services for the Poor" initiative at the Bill & Melinda Gates Foundation. I'm the author of The Castle And The Sandbox, a book on how to innovate in conservative companies. Previously I was the co-founder of Innotribe, the initiative for collaborative innovation in the financial industry, and chief architect of SWIFTNet, SWIFT's worldwide secure network currently connecting 8,000 banks and 1,000 corporations, and servicing daily the world economy. You can find me on Twitter: copernicc, and Google+ .

An European In New York - A Story Of Convenience Versus Security

This post is about my experience as a consumer and a client of both a US bank and European banks. It is striking how the experience is different. It is a battle of convenience versus security.

Last week I was in New York to meet a number of innovation contacts and for a debrief of Innotribe@Sibos with journalists.

I landed on the Sunday between Black Friday and Cyber Monday, two major shopping events kicking off the Xmas frenzy, and the city was in full shopping dress. The Fifth avenue’s storefronts were rivalling each other to attract onlookers. Later in the week, I was also part of the tens of thousands of people on the streets near Rockefeller centre for a cold but nice evening to watch the new Christmas tree.

So, on the Sunday afternoon I went for my own Xmas shopping, which brings me back to the subject of this post. I have an account in a US bank, and when I shop in the US, I use a debit card of that bank.

As an European using a US debit card for shopping, you immediately notice a big difference in the way things happen. It is clear that in the US everything is done to make the payment fast and convenient. You tap or swipe the card. If the amount is less than 10 dollars, off you go. If the amount is more, you will be asked to sign (on paper or on a device) and that’s it.

Occasionally, a clerk will ask you: “Debit or Credit?”. I could not figure for a while exactly what I was supposed to answer. Eventually I understood that if I answered “Debit”, I would be asked to enter the PIN code of the card.

As in Europe, where no transaction can happen without a PIN code and a smart (chip) card.

But in the US, people don’t want to be bothered to remember all these pin codes. You just say “credit” and off you go. Also, the card I have is not a smart version, it just has a magnetic strip. But it is smart in a another way: I can tap it on a POS terminal- no need to always swipe it.

See the pattern? It’s all about convenience.

The European in me got, at some point, a little worried about so much simplicity and convenience. What about security? What about if my card gets stolen and misused?

In one of my previous trips, something very interesting happened that put my mind at ease. In that past trip, after I made a couple of purchases, the next one was refused. Immediately I got a phone call – from my bank. The call was triggered by the unusual pattern of the card’s usage (I used it after a long period, and the amount was bigger than usual). The person on the phone asked me the traditional questions to verify it was indeed me using the card, and re-enabled the card immediately.

At the end of the call, he told me “Sorry for the inconvenience”. I said: “At the contrary, I thank you for taking care”. I was indeed happy that they were on the ball.

No, the US banks are not less security conscious. They just do things differently. I must say I was quite impressed- this bank in the US must have quite some tech to be able to spot patterns of people’s spending and react in real time.

How about online banking, you ask? Same- convenience trumps. There’s no security gizmos or calculators to authenticate and sign your transactions. You login with your user id and password. But they track which devices and computers you connect from. If you try using a different device, a special procedure kicks in to authenticate you.

In Europe, there’s no way you can access online banking without some security gizmo, most often a calculator-like device in which you insert a debit or a credit card. Every time you sign a transaction, you type in sequences of digits from the computer screen into the device, and then copy other sequences of digits displayed by the device back into the computer.

My long time readers will see my usual complaint coming- indeed when I sit down to do my weekly payments in front of my computer, I have 4 different gizmos to deal with, because I’m client of 5 different banks. I want to use this occasion though to congratulate AXA and CBC in Belgium, who decided to use the same gizmo for their web sites (Yay!). If only all banks would decide to do the same…

There are other interesting things that are possible in the US system. Companies like Yodlee, Mint, Wesabe and others are empowering banking customers to mashup data from all their accounts and aggregate them in a single integrated view. A little bit like SWIFT does for CFOs of large companies connected to their network.

Something like this would be very difficult in Europe, because of the security concerns. But also, perhaps even more importantly, because banks are not ready to relinquish this immediate and close relationships they have with their consumers, thought the specific websites and gizmos.

What will prevail? Openness and convenience? Or security and closed systems?

The young hyper-connected generation coming up as our new customers and employees will “vote their feet”.

Post Your Comment

Post Your Reply

Forbes writers have the ability to call out member comments they find particularly interesting. Called-out comments are highlighted across the Forbes network. You'll be notified if your comment is called out.

Comments

I have spent the past 15 years in electronic banking and mobile payments and I 100% concur with this author’s observations. I recall in the late 90′s selling information security to banks and the Euro banks were very knowledgable about info sec issues and solutions. Note that we sold far more into Euro banks than US banks.

I have often said organizations have a sliding scale between Security and Convenience. It should be noted this is a tradeoff, they are diametrically opposed, so none of this silly, “well do both.” I have noticed my ING Direct Bank account was much harder to log into than my Wells Fargo account for this exact reason. Now that ING Direct is owned by Cap One of the US, I wonder if the focus will change. Of course as an American I prefer the convenient approach.

Dave, what conclusion should we draw? Fraud has to do with many things including phishing and social engineering, which are possible with or without security gizmos (see the recent outbreak of fraud targeting online banking in EU). I don’t have the underlying data you mention, would be curious to see the types of fraud and how they relate to the consumer security model.

Banks are getting better at this. Bank of America lets me mark dates when I will be out of the country so the bank doesn’t stop my debit transactions. A previous bank would send a letter to my home tell me my card was being used in London — pretty useless. My midwestern Associated Bank, however, blocked my card when I was at Sibos and called my home with an alert, but wouldn’t act on my wife’s assurance that I was in Japan. I had to call in — Skype proved useful. You’d think they’d have heard of email alerts. My favorite security story came from Til Guildimann of SunGard who told of being in Singapore for Sibos and buying flowers ahead of visiting friends for dinner. His credit card company called his home and informed his wife that his credit card had been used at a Singapore florist shop — fortunately she knew he was visiting friends….